Shred luks header with custom passwd

Is there a way to set a custom passwd to initiate a luks header shred? I saw something similar by offensive sec.

Many problems that people have in Qubes are actually not Qubes specific.
This is one of those.

You can find guides online to help you do this - but if you are in state
which requires you to enter a password, then entering a password which
renders the drives unreadable will undoubtedly leave you open to criminal

See also: Qubes Duress - Deniable Qubes Instalation.

Back then, kali linux is providing patch that would permit the user to type a special [duress password] when decrypting the drive on-boot. When entered, this duress password would wipe (nuke) the encrypted drive where Kali was installed.

But it never merged to cryptsetup, and some years ago it was requested and rejected again by crypsetup team.

The dev said This issue was discussed many times. The luksErase command was the final decision, there will be no other internal mechanism to autowipe header, sorry.

Just go with detach header.

1 Like